  1. #1



    Oracle Java 7 Update 21 Released - 42 vulnerabilities fixed!

    Time for another update.

    Java SE 7 Update 21
    Download (Windows: 32-bit, 64-bit / OS X: 64-bit) / Release Notes / Security Advisory

    Note. According to the release notes, this update will expire on 18th July 2013.

    Due to the severity of the vulnerabilities fixed in this Critical Patch Update, Oracle recommends that these fixes be applied as soon as possible.
    Oracle today released two Critical Patch Updates: the April 2013 Critical Patch Update and the April 2013 Critical Patch Update for Java SE. The previous blog entry provided a summary of the April 2013 Critical Patch Update and this entry will discuss the content of the Critical Patch Update for Java SE.

    The April 2013 Critical Patch Update for Java SE provides 42 new security fixes. 39 of the vulnerabilities fixed in this Critical Patch Update are remotely exploitable without authentication. The maximum CVSS Base Score for these vulnerabilities is 10.0, and this score affects 19 different vulnerabilities.

    Out of the 42 vulnerabilities, only 2 can affect server deployments of Java. Server exploitation can only occur as a result of these bugs when malicious data is supplied into specific APIs on the server (e.g., through a web service), and one of these bugs actually requires local access to be exploited.

    As usual, Oracle recommends that this Critical Patch Update be applied as soon as possible. Desktop users can install this new version from java.com or through the Java Autoupdate. (Source)
    Last edited by Arthur; 16th April 2013 at 09:41 PM.

  2. Thanks to Arthur from:

    Jobos (16th April 2013)

  3. #2

    Only downloaded 7u17 and 6u43 last week!!

    Tempted to just remove Java, do many sites actually use it these days?

  4. #3

    SYNACK's Avatar
    Quote Originally Posted by MatthewL View Post
    Only downloaded 7u17 and 6u43 last week!!

    Tempted to just remove Java, do many sites actually use it these days?
    Just enough to make it a huge PITA. Oh, and every malware driveby banner too, got to make your exploits platform independent.

  5. #4

    plexer's Avatar
    I removed it ages ago.

    Ben

  6. #5


    Isn't it GOOD that they are starting to take security more seriously and releasing regular updates - like Windows does nowadays?

  7. #6
    DrCheese's Avatar
    Quote Originally Posted by CyberNerd View Post
    Isn't it GOOD that they are starting to take security more seriously and releasing regular updates - like Windows does nowadays?
    Oui.
    I just wish Microsoft allowed Java/Flash (third-party software in general tbh) to use WSUS for its updates, then no one would ever really notice it when updates come out, they'd just get auto deployed.

  8. #7

    Gatt's Avatar
    Urgh.. Will look at this later
    Wish Oracle would release CABs for SCUP in the same way Adobe does for Flash & Reader.

  9. #8


    Quote Originally Posted by CyberNerd View Post
    Isn't it GOOD that they are starting to take security more seriously and releasing regular updates
    Regular updates are pointless if the underlying code has more holes than Swiss cheese and hardly anyone installs the updates. Oracle need to go back to the drawing board and design the Java RE to be secure from the start (like OpenBSD), instead of treating it as an afterthought.

    Quote Originally Posted by CyberNerd View Post
    like Windows does nowadays?
    Microsoft started taking security seriously way back in 2002 and was one of the reasons why Vista was delayed. Each successive release of Windows has been more secure than the last (as you will see if you read their Security Intelligence Report and the Secunia Vulnerability Review). Adobe also started a similar initiative in 2009 with Reader and Acrobat and is why malware writers largely focus on Java exploits because it is such an easy target.

    "It's more expensive to create a Flash exploit than a Java one," Vupen CEO Chaouki Bekrar told Threatpost reporter Dennis Fisher. "Every time Adobe updates Flash, they're killing bugs and techniques and sandbox bypasses, and honestly, Adobe is doing a great job making it more secure." (Source)

  10. #9


    Not many people in the 1990s and 2000s took the attitude that the only way to secure Windows was to uninstall it...

  11. #10

    sonofsanta's Avatar
    I wouldn't mind the updates so much if there was a way of disabling the GODDAMNED STUPID WARNINGS ABOUT IT BEING OUT OF DATE. ALL THREE OF THEM. (I did see a guide, but it was ridiculously involved, because Java is not inherently manageable it seems. Blocking the URL they check in with seemed to break the usual operation of Java.)

    7u17 was good enough yesterday. This morning, first period, girls taking their ECDL tests will be bombarded with messages about security risks. Config Manager only checks in once an hour. No matter how quickly I move, I cannot push out the Java update fast enough to stop the warnings for their exam. The warnings that are only ever asked once, and require a profile reset if the wrong button is clicked.

    Not to mention how stuffed I am if this update breaks something else because I've not had time to test it properly thanks to all the unnecessary pressure placed on my users. Believe me, I want a secure network, I want to deploy the best version I can. I do not need you panicking students & breaking paid-for exams to force my hand on the issue.

    AAARGH

  12. #11

    sonofsanta's Avatar
    Brilliant. The new update now flashes up an extra warning when running the ECDL tests, about signed & unsigned code, do you want to block?



    I am not sure why Oracle think that creating lots of warnings is better than just securing their thrice-damned software properly. If I could rid myself of it, I would.

  13. #12
    free780's Avatar
    Funny, we blocked the domain and had no issues. Do you need to push out a deployment.properties using GPP? Important assuming you can disable the warnings.

  14. #13
    free780's Avatar
    When trying this tester, "How do I test whether Java is working on my computer?",
    I get told it's unsigned code. Can a couple of people try and see if this is true or it's our firewall?

  15. #14
    ADMaster's Avatar
    I tried disabling Java in the browser but found out Study Island uses it to communicate with the clickers.
    @sonofsanta

    I do not use anything that requires Java myself so do not see all these warnings and update notifications. I do disable the auto update check, which may help you with some of the nag screens.
    We have also had issues with JNLP file associations in the past. I have attached my group policy settings to disable Java auto update and fix the JNLP file associations. I’ve also attached my MST that will disable Java update during install.

    I have these settings in GPP registry for users, and computers.

    I hope they help you.


    JavaNoUpdate.mst

    Java.zip

  16. #15

    Gatt's Avatar
    I deploy Java out via SCCM and have an MST file to disable update notifications and hide certain aspects of the Control Panel Applet.
    The major issue is remembering to supersede the previous version (Full Uninstall) before deploying the newer update! If you don't it breaks the installation and you need to clean the registry manually before the new version will install.

    As I said before - If Oracle could create a SCUP catalog it would make life easier!
